Bugzilla – Bug 1211643
VUL-0: CVE-2023-32324: cups: buffer overflow vulnerability in the function format_log_line could cause a denial-of-service
Last modified: 2023-06-26 11:15:28 UTC
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 is now public accessible
public
via oss-security From: Zdenek Dohnal <zdohnal@redhat.com> Subject: [oss-security] [vs] CVE-2023-32324 heap buffer overflow in cupsd Date: Thu, 1 Jun 2023 12:35:16 +0200 there is currently embargoed CVE-2023-32324 in cups project: Summary A heap buffer overflow vulnerability would allow a remote attacker to lauch a dos attack. Details A buffer overflow vulnerability in the function |format_log_line| could allow remote attackers to cause a denial-of-service(DoS) on the affected system (not verified for possible arbitrary code execution). The vulnerability affects the commit #c0c4037 and the latest commit #4310a07 on the GitHub master branch as well as the latest release version v2.4.2. I have only tested these versions so far. Exploitation of the vulnerability can be triggered when the configuration file |cupsd.conf| sets the value of |loglevel |to |DEBUG| if the log location is set to a file. Reproduce ...
Submitted fix to openSUSE:Factory: ---------------------------------------------------------------- # osc request accept 1090271 \ --message="Fix for CVE-2023-32324 \ Heap buffer overflow in cupsd bsc#1211643" Result of change request state: ok openSUSE:Factory Forward this submit to it? ([y]/n)y The following submit requests are already open: 990954, 1042341. Supersede the old requests? (y/n/c) y Fix for CVE-2023-32324 Heap buffer overflow in cupsd bsc#1211643 (forwarded request 1090271 from jsmeix) New request # 1090272 ----------------------------------------------------------------
This is an autogenerated message for OBS integration: This bug (1211643) was mentioned in https://build.opensuse.org/request/show/1090272 Factory / cups
SUSE-SU-2023:2347-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1211643 CVE References: CVE-2023-32324 Sources used: openSUSE Leap Micro 5.3 (src): cups-2.2.7-150000.3.43.1 openSUSE Leap 15.4 (src): cups-2.2.7-150000.3.43.1 openSUSE Leap 15.5 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Micro 5.3 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Micro 5.4 (src): cups-2.2.7-150000.3.43.1 Basesystem Module 15-SP4 (src): cups-2.2.7-150000.3.43.1 Basesystem Module 15-SP5 (src): cups-2.2.7-150000.3.43.1 Desktop Applications Module 15-SP5 (src): cups-2.2.7-150000.3.43.1 Development Tools Module 15-SP4 (src): cups-2.2.7-150000.3.43.1 Development Tools Module 15-SP5 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Real Time 15 SP3 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): cups-2.2.7-150000.3.43.1 SUSE Manager Proxy 4.2 (src): cups-2.2.7-150000.3.43.1 SUSE Manager Retail Branch Server 4.2 (src): cups-2.2.7-150000.3.43.1 SUSE Manager Server 4.2 (src): cups-2.2.7-150000.3.43.1 SUSE Enterprise Storage 7.1 (src): cups-2.2.7-150000.3.43.1 SUSE Enterprise Storage 7 (src): cups-2.2.7-150000.3.43.1 SUSE CaaS Platform 4.0 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Micro 5.2 (src): cups-2.2.7-150000.3.43.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): cups-2.2.7-150000.3.43.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2346-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1211643 CVE References: CVE-2023-32324 Sources used: SUSE OpenStack Cloud 9 (src): cups-1.7.5-20.39.1 SUSE OpenStack Cloud Crowbar 9 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Software Development Kit 12 SP5 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Server 12 SP5 (src): cups-1.7.5-20.39.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): cups-1.7.5-20.39.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
https://build.opensuse.org/request/show/1090272 is accepted so this issue is FIXED.